Hi there,

 

(pretty new at mod_security).

 

I am running mod_security (latest version) on front of a webapplication. This webapplication generates a signature and appends this to the query string. Because this signature contains a large random string it sometimes contains a forbidden string and is blocked by mod_security by a false positive.

 

Is it possible to exclude a single query string variable for inspection by mod_security (and to set that globally, not in each rule) ?

 

Thanks in advance

 

Jeroen